# OAuth Provider Configuration for All AeThex Domains

This document contains the redirect URIs and configuration needed for each OAuth provider across all AeThex domains.

## OAuth Redirect URI Pattern

All redirect URIs follow this pattern:

```
https://{domain}/auth/{provider}/callback
```

## Provider Configurations

### 1. Discord OAuth

**Discord Developer Portal:** https://discord.com/developers/applications

Navigate to: Your Application → OAuth2 → Redirects

**Add these redirect URIs:**

```
https://aethex.app/auth/discord/callback
https://aethex.co/auth/discord/callback
https://aethex.tech/auth/discord/callback
https://aethex.id/auth/discord/callback
https://aethex.online/auth/discord/callback
https://aethex.fun/auth/discord/callback
https://aethex.live/auth/discord/callback
http://localhost:5173/auth/discord/callback (development)
```

**Environment Variables:**

```bash
DISCORD_CLIENT_ID=your_client_id
DISCORD_CLIENT_SECRET=your_client_secret
```

---

### 2. GitHub OAuth

**GitHub Developer Settings:** https://github.com/settings/developers

Navigate to: OAuth Apps → Your App → Authorization callback URL

**Add these redirect URIs:**

```
https://aethex.app/auth/github/callback
https://aethex.co/auth/github/callback
https://aethex.tech/auth/github/callback
https://aethex.id/auth/github/callback
https://aethex.dev/auth/github/callback
https://aethex.pro/auth/github/callback
http://localhost:5173/auth/github/callback (development)
```

**Note:** GitHub only allows ONE callback URL per OAuth App. You'll need to create multiple OAuth Apps (one per domain) OR use a single primary domain.

**Recommended Approach:**

- Primary: `https://aethex.app/auth/github/callback`
- Development: `http://localhost:5173/auth/github/callback`

**Environment Variables:**

```bash
GITHUB_CLIENT_ID=your_client_id
GITHUB_CLIENT_SECRET=your_client_secret
```

---

### 3. Roblox OAuth

**Roblox Creator Hub:** https://create.roblox.com/credentials

Navigate to: OAuth 2.0 Apps → Your App → Redirect URIs

**Add these redirect URIs:**

```
https://aethex.app/auth/roblox/callback
https://aethex.co/auth/roblox/callback
https://aethex.tech/auth/roblox/callback
https://aethex.id/auth/roblox/callback
https://aethex.fun/auth/roblox/callback
https://aethex.space/auth/roblox/callback
http://localhost:5173/auth/roblox/callback (development)
```

**Environment Variables:**

```bash
ROBLOX_CLIENT_ID=your_client_id
ROBLOX_CLIENT_SECRET=your_client_secret
```

---

### 4. Twitch OAuth

**Twitch Developer Console:** https://dev.twitch.tv/console/apps

Navigate to: Applications → Your App → OAuth Redirect URLs

**Add these redirect URIs:**

```
https://aethex.app/auth/twitch/callback
https://aethex.co/auth/twitch/callback
https://aethex.tech/auth/twitch/callback
https://aethex.id/auth/twitch/callback
https://aethex.live/auth/twitch/callback
https://aethex.fun/auth/twitch/callback
http://localhost:5173/auth/twitch/callback (development)
```

**Environment Variables:**

```bash
TWITCH_CLIENT_ID=your_client_id
TWITCH_CLIENT_SECRET=your_client_secret
```

---

### 5. Microsoft OAuth (Minecraft)

**Azure Portal:** https://portal.azure.com → Azure Active Directory → App registrations

Navigate to: Your App → Authentication → Redirect URIs

**Add these redirect URIs:**

```
https://aethex.app/auth/minecraft/callback
https://aethex.co/auth/minecraft/callback
https://aethex.tech/auth/minecraft/callback
https://aethex.id/auth/minecraft/callback
https://aethex.fun/auth/minecraft/callback
https://aethex.space/auth/minecraft/callback
http://localhost:5173/auth/minecraft/callback (development)
```

**Platform Configuration:**

- Type: Web
- Implicit grant: Access tokens, ID tokens

**Environment Variables:**

```bash
MICROSOFT_CLIENT_ID=your_client_id
MICROSOFT_CLIENT_SECRET=your_client_secret
MICROSOFT_TENANT_ID=consumers
```

---

## Stripe Configuration

**Stripe Dashboard:** https://dashboard.stripe.com

Navigate to: Settings → Checkout settings → Success/Cancel URLs

**Success URLs:**

```
https://aethex.shop/upgrade/success
https://aethex.tech/upgrade/success
https://aethex.app/upgrade/success
https://aethex.biz/upgrade/success
https://aethex.pro/upgrade/success
```

**Cancel URLs:**

```
https://aethex.shop/upgrade/cancel
https://aethex.tech/upgrade/cancel
https://aethex.app/upgrade/cancel
https://aethex.biz/upgrade/cancel
https://aethex.pro/upgrade/cancel
```

**Environment Variables:**

```bash
STRIPE_SECRET_KEY=sk_live_...
STRIPE_PUBLISHABLE_KEY=pk_live_...
STRIPE_SUCCESS_URL=https://aethex.shop/upgrade/success
STRIPE_CANCEL_URL=https://aethex.shop/upgrade/cancel
```

---

## Supabase Configuration

**Supabase Dashboard:** https://app.supabase.com

Navigate to: Authentication → URL Configuration

**Site URL:**

```
https://aethex.app
```

**Redirect URLs (wildcards allowed):**

```
https://aethex.app/**
https://aethex.co/**
https://aethex.tech/**
https://aethex.id/**
https://aethex.online/**
https://aethex.network/**
https://aethex.cloud/**
https://aethex.dev/**
https://*.aethex.app/**
https://*.aethex.cloud/**
http://localhost:5173/**
```

**Environment Variables:**

```bash
SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
SUPABASE_SERVICE_KEY=your_service_role_key
SUPABASE_ANON_KEY=your_anon_key
VITE_SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
VITE_SUPABASE_ANON_KEY=your_anon_key
```

---

## Testing OAuth Flows

### Test Script

Create a test script to verify OAuth flows across domains:

```bash
#!/bin/bash

DOMAINS=(
  "aethex.app"
  "aethex.tech"
  "aethex.id"
)

PROVIDERS=(
  "discord"
  "github"
  "roblox"
  "twitch"
  "minecraft"
)

for domain in "${DOMAINS[@]}"; do
  for provider in "${PROVIDERS[@]}"; do
    echo "Testing https://$domain/auth/$provider"
    status=$(curl -s -o /dev/null -w "%{http_code}" "https://$domain/auth/$provider" --max-time 5)
    if [ "$status" -eq 302 ] || [ "$status" -eq 301 ]; then
      echo "  ✓ Redirects correctly ($status)"
    else
      echo "  ✗ Unexpected status: $status"
    fi
  done
done
```

### Manual Testing

1. **Test Discord OAuth:**

   ```
   https://aethex.app/auth/discord
   https://aethex.tech/auth/discord
   ```

2. **Test GitHub OAuth:**

   ```
   https://aethex.app/auth/github
   https://aethex.dev/auth/github
   ```

3. **Test Roblox OAuth:**

   ```
   https://aethex.app/auth/roblox
   https://aethex.fun/auth/roblox
   ```

4. **Test Twitch OAuth:**

   ```
   https://aethex.app/auth/twitch
   https://aethex.live/auth/twitch
   ```

5. **Test Minecraft OAuth:**

   ```
   https://aethex.app/auth/minecraft
   https://aethex.fun/auth/minecraft
   ```

---

## Domain-Specific Recommendations

### Primary Auth Domain: aethex.tech & aethex.id

Use these domains for all authentication-related flows:

- OAuth callbacks
- Password reset links
- Email verification links
- Magic link authentication

**Benefits:**

- Clear separation of concerns
- Better security isolation
- Easier to manage SSL certificates
- Simplified rate limiting

### Primary App Domain: aethex.app

Use this as the main entry point for users:

- User dashboard
- Application interface
- Profile management

### E-commerce Domain: aethex.shop

Use this for all commerce-related flows:

- Stripe checkout
- Payment success/cancel pages
- Order management

---

## Environment Variables Summary

Create `.env.production` with ALL OAuth credentials:

```bash
# OAuth Providers
DISCORD_CLIENT_ID=...
DISCORD_CLIENT_SECRET=...
GITHUB_CLIENT_ID=...
GITHUB_CLIENT_SECRET=...
ROBLOX_CLIENT_ID=...
ROBLOX_CLIENT_SECRET=...
TWITCH_CLIENT_ID=...
TWITCH_CLIENT_SECRET=...
MICROSOFT_CLIENT_ID=...
MICROSOFT_CLIENT_SECRET=...
MICROSOFT_TENANT_ID=consumers

# Stripe
STRIPE_SECRET_KEY=sk_live_...
STRIPE_PUBLISHABLE_KEY=pk_live_...
STRIPE_SUCCESS_URL=https://aethex.shop/upgrade/success
STRIPE_CANCEL_URL=https://aethex.shop/upgrade/cancel

# Supabase
SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
SUPABASE_SERVICE_KEY=...
SUPABASE_ANON_KEY=...
VITE_SUPABASE_URL=https://kmdeisowhtsalsekkzqd.supabase.co
VITE_SUPABASE_ANON_KEY=...

# Session
SESSION_SECRET=

# General
NODE_ENV=production
OAUTH_REDIRECT_URI=https://aethex.app
PRIMARY_DOMAIN=aethex.app
AUTH_DOMAIN=aethex.tech
```

---

## Security Checklist

- [ ] All redirect URIs use HTTPS (except localhost)
- [ ] OAuth secrets are stored in environment variables, not code
- [ ] Session secret is strong (32+ characters) and unique
- [ ] CORS origins include all valid domains
- [ ] Rate limiting is configured for auth endpoints
- [ ] SSL certificates are valid and auto-renewing
- [ ] Redirect URIs exactly match configured values (including trailing slashes)
- [ ] Test OAuth flows on each domain before production deployment

---

## Troubleshooting

### "Redirect URI mismatch" error

**Cause:** The redirect URI doesn't match exactly

**Solution:**

1. Check the OAuth provider's dashboard
2. Ensure protocol matches (http vs https)
3. Ensure domain matches (including subdomain)
4. Check for trailing slashes
5. Verify the callback path (e.g., `/auth/discord/callback`)

### OAuth works on one domain but not another

**Cause:** Redirect URI not configured for that domain

**Solution:**

1. Add the redirect URI to the OAuth provider
2. Wait a few minutes for propagation
3. Clear browser cookies and try again

### Session not persisting across domains

**Cause:** Cookies are domain-specific

**Solution:**

1. This is expected behavior - sessions are isolated per domain
2. Use a shared auth domain (aethex.tech or aethex.id)
3. Implement token-based auth for cross-domain sessions

---

## Next Steps

1. Create OAuth applications for each provider
2. Add all redirect URIs to each provider
3. Copy client IDs and secrets to `.env.production`
4. Test OAuth flows on primary domains
5. Deploy and test on all domains
6. Monitor auth logs for errors

For deployment instructions, see `/DOMAIN_SETUP_GUIDE.md`.
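
The redirect URI items in the Security Checklist and the "Redirect URI mismatch" steps can be checked mechanically before a URI is pasted into a provider dashboard. The following is an added example, not code from the AeThex project: `lintRedirectUri` and `diagnoseMismatch` are hypothetical helper names, and the provider list is taken from the test script in this guide.

```javascript
// Added example. Provider names come from this guide's test script.
const PROVIDERS = ["discord", "github", "roblox", "twitch", "minecraft"];

// Lint one redirect URI against https://{domain}/auth/{provider}/callback
// and the checklist: HTTPS except localhost, no trailing slash, no extras.
function lintRedirectUri(uri) {
  const problems = [];
  let u;
  try { u = new URL(uri); } catch { return ["not a valid absolute URL"]; }
  const isLocal = u.hostname === "localhost";
  if (u.protocol !== "https:" && !(isLocal && u.protocol === "http:")) {
    problems.push("must use https (http is allowed only for localhost)");
  }
  const m = /^\/auth\/([a-z]+)\/callback(\/?)$/.exec(u.pathname);
  if (!m) {
    problems.push("path is not /auth/{provider}/callback");
  } else {
    if (!PROVIDERS.includes(m[1])) problems.push(`unknown provider "${m[1]}"`);
    if (m[2]) problems.push("trailing slash");
  }
  if (u.search || u.hash) problems.push("query string or fragment present");
  if (u.username || u.password) problems.push("userinfo present");
  return problems;
}

// Explain a "Redirect URI mismatch" in the order of the troubleshooting steps:
// protocol, domain, trailing slash, callback path.
function diagnoseMismatch(sent, registered) {
  if (sent === registered) return [];
  const a = new URL(sent), b = new URL(registered);
  const diffs = [];
  if (a.protocol !== b.protocol) diffs.push("protocol");
  if (a.host !== b.host) diffs.push("domain");
  const strip = (p) => p.replace(/\/+$/, "");
  if (a.pathname !== b.pathname) {
    diffs.push(strip(a.pathname) === strip(b.pathname) ? "trailing slash" : "callback path");
  }
  // Providers compare the raw strings, so case or query differences also fail.
  return diffs.length ? diffs : ["other (query, fragment or case)"];
}
```

Run `lintRedirectUri` over every URI in the lists above before registering it, and pass the `redirect_uri` value the app actually sends, together with the registered one, to `diagnoseMismatch` when a provider rejects a login.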